Justin Pryzby wrote:
> On Tue, Jun 19, 2007 at 09:51:32PM +0200, Michael Kerrisk wrote:
>>
>> Justin Pryzby wrote:
>>> clone 410221 -1
>>> retitle -1 noshell: strongly suggest deregistering from etc/shells, not
>>> registering
>>> severity -1 important
>>> tag -1 security
>>>
>>> Hi Michael and Javier and security@,
>>>
>>> Regarding shells(5) manpage, I thought you might be interested that
>>> /bin/su also (in addition to some ftpd) defines "restricted shell" as
>>> "shells not in etc/shells". This is perhaps more relevant since most
>>> people know to avoid ftpd but su is a core package. Also people might
>>> go to some effort to use eg. /usr/sbin/nologin or /sbin/noshell,
>>> follow the best-practice instructions, only to have su use this
>>> information to decide that it's perfectly reasonable for some obscure
>>> thing like gnats to su root...
>> Justin,
>>
>> Are you suggesting something needs to change in shells(5)? I can't work
>> out what it is from a short read of your mail.
> Suggesting but not necessarily recommending; linux su must be more
> canonical than some unnamed ftpds.

Hi Justin,

Make your suggestion as a patch please...

Cheers,

Michael

--
Michael Kerrisk
maintainer of Linux man pages Sections 2, 3, 4, 5, and 7

Want to help with man page maintenance?
Grab the latest tarball at
http://www.kernel.org/pub/linux/docs/manpages/
read the HOWTOHELP file and grep the source
files for 'FIXME'.
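
An audit for the condition raised in this thread, as an added example that is not part of the original messages: it reports no-login shells that are registered in a shells(5) file and the accounts that use them, since the thread says su treats only shells absent from that file as restricted. The function names, the `NOLOGIN_SHELLS` list and the sample files are assumptions constructed for illustration; the two shell paths are the ones named in the thread.

```shell
#!/bin/sh
# Added example: find no-login shells that are registered in a shells(5) file.
# NOLOGIN_SHELLS is an assumed list holding the two paths named in the thread.
NOLOGIN_SHELLS="/usr/sbin/nologin /sbin/noshell"

# registered_nologin SHELLS_FILE
# Prints every no-login shell that appears as an entry in SHELLS_FILE.
registered_nologin() {
    for sh in $NOLOGIN_SHELLS; do
        # shells(5): one absolute path per line, '#' starts a comment.
        if sed -e 's/#.*//' -e 's/[[:space:]]*$//' "$1" | grep -Fxq -- "$sh"; then
            printf '%s\n' "$sh"
        fi
    done
}

# affected_accounts PASSWD_FILE SHELLS_FILE
# Prints "user:shell" for each account whose shell is a registered no-login shell.
affected_accounts() {
    registered=$(registered_nologin "$2" | tr '\n' ' ')
    [ -n "$registered" ] || return 0
    awk -F: -v list="$registered" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) bad[a[i]] = 1 }
        ($7 in bad) { print $1 ":" $7 }
    ' "$1"
}

# make_sample DIR: writes constructed passwd and shells files (not real data).
make_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
gnats:x:41:41:Gnats:/var/lib/gnats:/usr/sbin/nologin
ftp:x:108:65534::/srv/ftp:/bin/false
EOF
    cat > "$1/shells" <<'EOF'
# /etc/shells: valid login shells
/bin/sh
/bin/bash
/usr/sbin/nologin
EOF
}

# Demo on the constructed files; on a real host pass /etc/passwd and /etc/shells.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
affected_accounts "$demo_dir/passwd" "$demo_dir/shells"
rm -rf "$demo_dir"
```

An empty result means none of the listed no-login shells is registered in the shells file that was checked.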